Static task
static1
General
Target
EZFN Launcher.exe
Size
48.5MB
MD5
81a46768e75a8935fe316582e1d0b302
SHA1
ca2ea68f6072ff88393ea82a2a2d3327e006125b
SHA256
f44862be6feda2c58e72ca6530faadba3c49b59994795ecbee4d05e38412b043
SHA512
335b61bd7724f0c9c034d1d21a0c36cc88806d9278d3e3fe63a39acd48ab7280573e1a7afb9de6df191eded05acba408beb65096c3771e3ea48e67d31970f34e
SSDEEP
1572864:uq7gyOoPJjV1xQCVls+/yhdyGpbi+TTZZ9WutsLjF:R75OoPNtls+KhT7Zg/j
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource EZFN Launcher.exe
Files
EZFN Launcher.exe.exe windows:6 windows x64 arch:x64
101792498362153ff7cb8cc5104982a7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlCaptureContext
NtWriteFile
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryInformationProcess
RtlGetVersion
NtQuerySystemInformation
NtCreateFile
RtlGetNtVersionNumbers
NtDeviceIoControlFile
NtSuspendProcess
RtlPcToFileHeader
RtlUnwindEx
RtlNtStatusToDosError
NtCancelIoFileEx
NtReadFile
kernel32
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
lstrlenW
CreatePipe
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable
Sleep
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
SetEnvironmentVariableW
GetCommandLineW
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
OpenProcess
GetProcessId
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
MultiByteToWideChar
GetFileInformationByHandleEx
RemoveDirectoryW
CopyFileExW
GetSystemInfo
GetUserDefaultLocaleName
GetProcAddress
GetModuleHandleA
CloseHandle
PostQueuedCompletionStatus
FindClose
SetHandleInformation
ReleaseSRWLockExclusive
SetFilePointerEx
GetCurrentThread
GetStdHandle
GetConsoleMode
WriteConsoleW
SetLastError
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
GetFileInformationByHandle
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
SetFileInformationByHandle
IsDebuggerPresent
GetLastError
SetThreadStackGuarantee
GetSystemTimes
GetProcessIoCounters
AddVectoredExceptionHandler
GetProcessTimes
ReadProcessMemory
LocalFree
VirtualQueryEx
RaiseException
GlobalMemoryStatusEx
K32GetPerformanceInfo
FreeLibrary
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
SwitchToThread
AcquireSRWLockExclusive
LoadLibraryW
TlsSetValue
TryAcquireSRWLockExclusive
LoadLibraryExA
GetUserDefaultUILanguage
LCIDToLocaleName
OutputDebugStringA
OutputDebugStringW
LoadLibraryExW
TlsFree
user32
LoadCursorW
SetCursor
ScreenToClient
CreateIcon
CreateMenu
AppendMenuW
GetMonitorInfoW
SetWindowPlacement
SetCapture
RedrawWindow
GetClientRect
PostThreadMessageW
CheckMenuItem
GetMessageA
DispatchMessageA
RegisterHotKey
SetMenuItemInfoW
ChangeDisplaySettingsExW
ShowCursor
ClipCursor
IsProcessDPIAware
MonitorFromWindow
EnumChildWindows
GetClipCursor
GetDC
GetMessageW
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SendInput
GetTouchInputInfo
PostQuitMessage
UnregisterHotKey
VkKeyScanW
DefWindowProcW
TranslateMessage
RegisterClassExW
GetCursorPos
RegisterRawInputDevices
GetActiveWindow
CloseTouchInputHandle
TrackMouseEvent
DispatchMessageW
GetAsyncKeyState
FlashWindowEx
IsIconic
SetCursorPos
PeekMessageW
DestroyIcon
DestroyAcceleratorTable
ClientToScreen
AdjustWindowRectEx
GetMenu
GetWindowLongW
InvalidateRgn
SetWindowPos
RegisterWindowMessageA
SetForegroundWindow
MonitorFromRect
SetMenu
GetWindowLongPtrW
CreateAcceleratorTableW
GetSystemMenu
EnableMenuItem
MsgWaitForMultipleObjectsEx
PostMessageW
GetAncestor
TranslateAcceleratorW
CreateWindowExW
SetWindowLongPtrW
SendMessageW
RegisterTouchWindow
IsWindow
GetRawInputData
ValidateRect
GetUpdateRect
MapVirtualKeyW
SetWindowDisplayAffinity
EnumDisplayMonitors
GetWindowTextW
GetWindowTextLengthW
GetForegroundWindow
MonitorFromPoint
SetWindowTextW
ReleaseCapture
ShowWindow
GetKeyboardState
GetSystemMetrics
IsClipboardFormatAvailable
GetClipboardData
IsWindowVisible
CloseClipboard
OpenClipboard
GetKeyState
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
DestroyWindow
WaitForInputIdle
SetClipboardData
EmptyClipboard
SetWindowLongW
comctl32
SetWindowSubclass
TaskDialogIndirect
DefSubclassProc
RemoveWindowSubclass
pdh
PdhOpenQueryA
PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
advapi32
RegGetValueW
GetLengthSid
RegQueryValueExW
SystemFunction036
RegCloseKey
EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister
IsValidSid
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
CopySid
ole32
OleInitialize
RegisterDragDrop
RevokeDragDrop
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
shell32
DragQueryFileW
DragFinish
SHCreateItemFromParsingName
CommandLineToArgvW
SHAppBarMessage
SHGetKnownFolderPath
ShellExecuteW
bcrypt
BCryptGenRandom
ws2_32
closesocket
WSASocketW
ioctlsocket
connect
getsockopt
getsockname
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
WSAIoctl
recv
WSAGetLastError
bind
shutdown
WSASend
send
getpeername
secur32
DeleteSecurityContext
InitializeSecurityContextW
AcquireCredentialsHandleA
QueryContextAttributesW
AcceptSecurityContext
EncryptMessage
FreeCredentialsHandle
DecryptMessage
ApplyControlToken
FreeContextBuffer
crypt32
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertOpenStore
CertDuplicateCertificateChain
psapi
GetModuleFileNameExW
GetProcessMemoryInfo
powrprof
CallNtPowerInformation
uxtheme
SetWindowTheme
gdi32
DeleteObject
GetDeviceCaps
CreateRectRgn
dwmapi
DwmEnableBlurBehindWindow
oleaut32
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString
api-ms-win-crt-string-l1-1-0
strlen
wcslen
wcsncmp
_wcsicmp
strcpy_s
api-ms-win-crt-math-l1-1-0
round
__setusermatherr
floor
trunc
pow
api-ms-win-crt-heap-l1-1-0
_callnewh
free
malloc
calloc
_set_new_mode
api-ms-win-crt-convert-l1-1-0
_ultow_s
wcstol
api-ms-win-crt-runtime-l1-1-0
_set_app_type
_crt_atexit
_initialize_onexit_table
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_get_initial_narrow_environment
_c_exit
_initterm
_initterm_e
exit
_initialize_narrow_environment
_register_onexit_function
_cexit
__p___argv
__p___argc
abort
terminate
_exit
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45.0MB - Virtual size: 45.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 103KB - Virtual size: 102KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ